Institute for Software Research
School of Computer Science, Carnegie Mellon University


Global Mapping of Cyber Attacks

Ghita Mezzour*, L. Richard Carley*, Kathleen M. Carley

October 2014


Keywords: Intrusion detection, anti-virus, socio-technical factors, cyber security, empirical study

Identifying the factors behind countries' weakness to cyber-attacks is an important step towards addressing these weaknesses at the root level. For example, identifying why some countries become cyber-crime safe havens can inform policy actions to reduce the attractiveness of these countries to cyber-criminals. Currently, however, identifying these factors is mostly based on expert opinion and speculation.

In this work, we perform an empirical study to statistically test the validity of these opinions and speculations. In our analysis, we use Symantec's World Intelligence Network Environment (WINE) Intrusion Prevention System (IPS) telemetry data, which contain attack reports from more than 10 million customer computers worldwide. We use regression analysis to test for the relevance of multiple factors including monetary and computing resources, cyber-security research and institutions, and corruption.

Our analysis confirms some hypotheses and disproves others. We find that many countries in Eastern Europe extensively host attacking computers because of a combination of good computing infrastructure and a high corruption rate. We also find that web attacks and fake applications are most prevalent in rich countries because attacks on these countries are more lucrative. Finally, we find that computers in Africa launch the lowest rates of cyber-attacks. This is surprising given the bad cyber reputation of some African countries such as Nigeria. Our research has many policy implications.

32 pages

*Department of Electrical and Computer Engineering, Carnegie Mellon University

